With the recent advancement and development of the digital signal processing technology, digital recorders and recording media have been prevailing. With such a digital recorder and recording medium, an image or sound, for example, can be repeatedly recorded and played back without any degradation thereof. Since digital data can be repeatedly copied many times with no degradation of the image and sound qualities, so recording media having digital data illegally recorded therein, if put on the market, will cause the copyrighters of various contents such as music, movie, etc. or appropriate or authorized distributors of the contents to be deprived of profits which would come to the latter if such unauthorized copying is not possible. To prevent such unauthorized copying of digital data, various unauthorized copy preventing systems have recently been introduced in digital recorders and recording media.
As an example of the above unauthorized-copy preventing systems, SCMS (Serial Copy Management System) is adopted in the MD (mini disc) drive (MD is a trademark). The SCMS is such that at a data player side, audio data is outputted along with SCMS signal from a digital interface (DIF) while at a data recorder side, recording of the audio data from the data player side is controlled based on the SCMS signal from the data player side, thereby preventing the audio data from being illegally copied.
More particularly, the above SCMS signal indicates that an audio data is a “copy-free” data which is allowed to freely be copied many times, a “copy-once-allowed” data which is allowed to be copied only once or a “copy-prohibited” data which is prohibited from being copied. At the data recorder side, when receiving an audio data from the DIF, SCMS signal transmitted along with the audio data is detected. If the SCMS signal indicates that the audio data is a “copy-free” data, the audio data is recorded along with the SCMS signal to the mini disc. If the SCMS signal indicates that the audio data is a “copy-once-allowed” data, the audio data is converted to a “copy-prohibited” data and the SCMS signal is recorded along with the audio data to the mini disc. Further, if the SCMS signal indicates that the audio data is a copy-prohibited data, the audio data is not recorded to the mini disc. Under a control with the SCMS signal, a copyrighted audio data is prevented from being illegally copied in the mini disc drive unit.
However, the SCMS is valid only when the data recorder itself is constructed to control recording of audio data from the data player side based on the SCMS signal. Therefore, it is difficult for the SCMS to support a mini disc drive not constructed to perform the SCMS control. To apply the SCMS, a DVD player for example adopts a content scrambling system to prevent a copyrighted data from being illegally copied.
The content scrambling system is such that encrypted video data, audio data and the like are recorded in a DVD-ROM (read-only memory) and a decryption key for use to decrypt the encrypted data is granted to each licensed DVD player. The license is granted to a DVD player designed in conformity with a predetermined operation rule against unauthorized copying etc. Therefore, using the granted decryption key, a licensed DVD player can decrypt encrypted data recorded in a DVD-ROM to thereby play back the video and audio data from the DVD-ROM.
On the other band, an unlicensed DVD player cannot decrypt encrypted data recorded in a DVD-ROM because it has no decryption key for the encrypted data. In short, the content scrambling system prevents a DVD player not meeting the licensing requirements from playing a DVD-ROM having digital data recorded therein in order to prevent unauthorized copying.
However, the content scrambling system adopted in the DVD-ROM is directed to a recording medium to which the user cannot write data (will be referred to as “ROM medium” hereunder wherever appropriate), but not to any recording medium to which the user can write data (will be referred to as “RAM medium” hereunder wherever appropriate).
That is to say, copying all encrypted data recorded in a ROM medium as they are to a RAM medium will produce a so-called pirated edition of the data which can be played back by a licensed DVD player.
To solve the above problem, the Applicant of the present invention proposed, as disclosed in the Japanese Published Unexamined Application No. 224461 of 1999 (Japanese Patent Application No. 25310 of 1998), a method in which information to identify each recording medium (will be referred to as “medium ID information” hereunder) is recorded with other data in a recording medium to allow access to the medium ID information in the recording medium only when a player going to play the recording medium has been licensed for the medium ID information.
The above method encrypts data in the recording medium with a private key (master key) acquired through licensing of the medium ID information so that any unlicensed player cannot acquire any meaningful data even if it can read the encrypted data. Note that a player licensed for the medium ID information has the operation thereof restricted against unauthorized copying.
No unlicensed player can access the medium ID information. The medium ID information is unique to each recording medium. Even if an unlicensed player could copy all encrypted data recorded in such a recording medium to a new recording medium, the data thus recorded in the new recording medium cannot correctly be decrypted by the unlicensed player as well as by a licensed player. Thus, it is substantially possible to prevent data from being illegally copied.
Now it should be reminded that in the above conventional system, a private key (master key) acquired through licensing as having been proposed in the Japanese Patent Application should be common to all the devices included in a system, which is required for playing a recording medium having data recorded therein by any other device in the system (to secure the interoperability).
However, if an attacker has attacked any one of devices included in a system and succeeded in uncovering the private key held in the device, it will be the same as when private keys of all the devices have been uncovered, so that data recorded in the device before the private key is uncovered as well as data recorded after the private key was uncovered, will be cryptanalyzed by the attacker with the private key thus uncovered.
To avoid the above, the Applicant of the present invention proposed, as in the Japanese Patent Application No. 294928 of 1999, a method for managing the generation of the master key. The method is such that a master key common to all devices in a system is used starting with the first generation of the master key and a private key unique to each of device groups is used, thereby acquiring, from a recording medium, a master key which the newest when the recording medium has been produced. Namely, to a group having the master key thereof uncovered as in the above, there is not granted any master key of the next generation for recording media which are produced after the master key was uncovered. Thus, the devices which are appropriate or authorized, namely, have their master key not uncovered, can acquire a master key of a younger generation while the devices whose master key has been uncovered cannot acquire any master key of a younger generation than a one at which the master key has been uncovered last.
The recorder can record data to a recording medium only with a master key of a generation as young as or younger than the generation of a master key stored in the recording medium. A recorder having a master key meeting the above requirement encrypts data with its latest master key for recording. Thus, even for recording to an old recording medium, data is encrypted for the recording with a nearly latest master key by a device (recorder/player) which is appropriate, that is, whose master key has not been uncovered. So, the data recorded in the old recording medium can be prevented from being read by any inappropriate or unauthorized device which cannot acquire the latest master key.
In a system in which the above-mentioned generation-managed master key is used, the recorder encrypts data with its own latest-generation master key for recording of the data to a recording medium. For playing of the recording medium by a player other than the recorder/player having recorded data to the recorder medium, the master key of the generation having been used for recording the data has to be known to the player going to play the recording medium. However, a latest-generation master key cannot be acquired unless access is made to a latest-generation recording medium. Namely, since the master key of the generation on which the data has been recorded cannot be known, even an appropriate or authorized player cannot play back data recorded in the recording medium as the case may be.
Also, a recorder going to record data to a recording medium has to have a master key of a generation younger than allowed by the recording medium. However, since there is a likelihood that an encrypted master key common to a group of devices has been removed from a master key table in the recording medium because the master key for the group has been uncovered, even an appropriate or authorized recorder going to record data to a recording medium cannot record the data to the recording medium as the case may be.